Terms and Conditions
A. General Part
1. Scope
The Stepstone Group Belgium NV (hereinafter referred to as “Stepstone“) and the undersigned business partner (hereinafter referred to as “Customer“) agree to fulfil the performance of their contract pursuant to these Terms and Conditions and the price list. Stepstone’s Terms and Conditions together with the price list contain the whole agreement between Stepstone and the Customer. Any terms and conditions of the Customer do not apply, unless Stepstone explicitly consents to them in writing.
2. Closing of contract
The contract is concluded when Stepstone receives the signed acceptance of the contract offer, which shall contain the date and signature of the Customer. Amendments and additions to the contract as well as statements and individual instructions must be made in writing. Faxes are considered to be a written form. Electronic form, including email is excluded.
3. Description of Services
3.1.
The contract obliges Stepstone to publish the products and perform the services agreed upon in the contract, displayed at www.Stepstone.be (“Service Elements“) in accordance with these Terms and Conditions. The publishing period in relation to access to application service provider products shall be at least 20 hrs per day. The description of services in our Additional Terms and Conditions applies in addition.
3.2.
The contract entitles Stepstone to use Customer data for trend analysis and surveys, however, results shall be published anonymously.
3.3.
Non-competition clauses are not accepted.
4. Remuneration
Payment for the services performed by Stepstone is set out in the price list given to the Customer. The price list which was in force and given to the Customer at the time when the offer was made to the Customer shall be valid. Services that are not included in the Stepstone price list are subject to individual agreements between Stepstone and the Customer.
5. Conditions of Payment
5.1.
Payment referred to in section 4, includes all additional costs such as e-mails, telephone calls, fax, data transmission, copies and postage which are usually incurred. The cost of corrections and proof-reading that have occurred as a result of the Customer supplying incorrect data are not included. Stepstone will inform the Customer if the additional costs exceed the average amount in relation to individual orders. The Customer is obliged to pay Stepstone for these additional costs if he has consented to them.
5.2.
If a Service Element is published containing an error, the first correction of the incorrect Service Element is free of charge provided that the error was not caused by the Customer’s faulty performance. Thereafter every additional correction shall be charged for according to Stepstone’s price list valid at the time when the order for correction was made. However, if Stepstone makes a mistake in the first correction, the first additional correction shall be free of charge.
5.3.
The Customer will be invoiced immediately after the first rendering of a Service Element and at the latest 14 days after the conclusion of the contract if no Service Element has been rendered due to the fault of the Customer. Payment is due 10 days after receipt of the invoice, without deductions. When a default in payment or a deferment of payment has occurred, interest will be charged at the rate of 8% above the base rate of the European Central Bank and collection costs will also be charged. In case of default in payment, the debtor has to pay a compensation for the extra judicial cost, and without the need of a notice of default, an amount of 10% payable on the invoice due, with a minimum of 200 euro the invoice, unless the actual collection costs, including costs for legal assistance, would be higher.In the event of a default in payment, Stepstone can suspend further performance of the contract until the payment has been made in full. This shall not apply if the Customer is entitled to assert a right of retention. If the parties agreed on payment by instalments, and an instalment is not paid 30 days after the due date, the whole of the remaining amount shall become payable immediately.
5.4.
All prices exclude any VAT legally payable on the date of the invoice.
5.5.
If payment is made from abroad, cheques for less than 1,000 Euros will only be accepted if an administration charge of 25 Euros is paid in addition. Payment by bank transfer from abroad will only be accepted if all bank fees and expenses are paid by the Customer.
5.6
We reserve the right to send all invoices and correspondence in relation to invoices such as but not limited to dunning letters only as an attachment in an email. On that account, the customer undertakes to provide Stepstone with a valid email address and to promptly inform Stepstone of any changes in email address.
6. The Basis of Co-operation
6.1.
Stepstone is committed to continually optimise the number of responses to Advertisements of the Customer and to improve the quality and quantity of the searchable applications. This includes working together with several co-operation partners in offline or online media. The Customer hereby gives Stepstone the right to publish Service Elements without prior notice in online and offline media, print media and audio and video media. Stepstone pays special attention to the image and quality of its co-operation partners.
6.2.
The Customer’s rights under this contract are neither transferable nor assignable. The contract can only be transferred to a third party with Stepstone’s consent.
6.3.
After concluding this contract, the Customer agrees to receive by e-mail or post questionnaires, newsletters and other commercial communications that help Stepstone to improve and maintain its quality standard. The Customer can withdraw his consent at any time without formal requirements and the withdrawal of consent will be immediately effective.
6.4.
Stepstone reserves the right to not execute orders placed by the Customer or to withdraw Service Elements that have already been published if they breach legal provisions, official regulations, the rights of third parties or good morals (“Illegal Content“). This also applies if links included in the Customer’s Service Elements lead directly or indirectly to pages containing Illegal Content. The Customer’s payment obligation remains unaffected. Stepstone shall only be obliged to remove Illegal Content that breaches legal provisions and/or at the request of the Customer. The Customer undertakes to indemnify Stepstone and hold Stepstone harmless against all payments and legal costs incurred due to Illegal Content or breach of law on first demand.
6.5.
In particular this includes following content:
6.5.1.
If a self employed or freelance job is posted it must be made explicitly that the job is self employed or freelance.
6.5.2.
If the candidate has to make payments or investments (including training and/or travel fees) this must be made explicitly clear in the Service Element. The same applies where a commission is paid for the attraction of new members to a closed system.
6.5.3.
Service Elements must refer to a specific vacant position or job.
6.5.4.
Ads for club memberships and ponzi schemes, pyramid sales or similar are not allowed.
6.5.5.
Service Elements must specify the job position correctly and must not be misleading
6.5.6.
Websites that are linked to must comply with legal requirements
6.5.7.
Any Service Elements that violate anti discrimination law
6.5.8.
Even if the aforesaid requirements are met no content must be published besides the content related to the position or job that is irrelevant to the job search, such as e.g. competitions, events without career relevance, mere sales campaigns etc.
6.5.9.
Direct links to external job offers that are not published by Stepstone are not permitted. If these requirements are not fulfilled the content shall be deemed Illegal Content as per 6.4.
6.6.
Stepstone bears no responsibility for received data, texts for Advertisements or the corresponding storage media, and in particular is not obliged to preserve or return these items to the Customer.
6.7.
Stepstone is entitled to use vicarious agents.
6.8.
The Customer is responsible for configuring and arranging his infrastructure in accordance with the prevailing state of the art so that it becomes neither a target nor a source of disruptions which could affect the Internet service supplied by Stepstone or trouble and fault free network operation in general.
6.9.
The Customer guarantees that all of his content or parts thereof published by him on the Internet or given to Stepstone for publication are not encumbered by third party rights. The Customer shall indemnify Stepstone and hold Stepstone harmless against any damage Stepstone suffers from an infringement of this provision by the Customer on first demand.
7. Content Notification System and Moderation
7.1.
As part of its legal obligations, Stepstone has introduced an electronic notification and complaint procedure to review suspected illegal content published by third parties on the platform operated by Stepstone. In this respect, users of our platform are free to report third-party content if they are convinced that the notified content is a violation of legal regulations (illegal content) and/or the published content violates our general terms and conditions and/or terms of use.
7.2.
If, after reviewing a notification, it is determined that the reported content does not comply with the applicable legal requirements and/or violates the provisions of these General Terms and Conditions, Stepstone reserves the right to block, remove or otherwise restrict access to the notified content (“moderation measure”). The same applies to content that Stepstone categorises as illegal and/or in conflict with the General Terms and Conditions on the basis of a voluntary investigation and review. However, Stepstone is not obliged to review the content provided in general.
7.3.
Stepstone reserves the right to suspend the processing of a notification if, after careful examination of all circumstances, it is obvious that the reporting person has engaged in abusive behaviour. Such misuse exists in particular if the reporting person repeatedly uses the reporting function for a large number of cases and the review by Stepstone shows that there is no justified reason for the report. Stepstone will inform the reporting person, as far as technically possible, about the suspension of processing.
8.Complaints procedure after moderation decision
8.1.
If the person or organisation concerned does not agree with a decision made on the basis of a report via the notification function set up, they generally have the option of submitting a complaint via the internal complaints management procedure set up by Stepstone. The same applies to moderation measures taken on the basis of a voluntary review of the content provided.
8.2
Access to the complaints procedure is available to persons and organisations (“complainants”) who have reported allegedly unlawful content, but no moderation measures have been taken by Stepstone. There is also access in cases in which the complainant is affected by a specific moderation measure, such as the temporary removal of published content.
8.3.
The person affected have the right to file an internal complaint for a period of six months from the date of Stepstone’s decision on the reported content.
8.4.
Stepstone reserves the right to suspend the processing of a complaint if, after careful consideration of all circumstances, it is obvious that the complaint is being abusively filed by the complainant. In particular, such abuse occurs where the complainant repeatedly raises the complaint for a large number of cases and Stepstone’s review shows that there is no legitimate reason for the complaint. Stepstone will, to the extent technically feasible, inform the complainant of the suspension of processing.
9.Registration and login
Insofar as the customer registers for the use of a service on the websites operated by Stepstone.
9.1.
To provide all data requested for registration completely and truthfully,
9.2.
adequately protect access data and content from unlawful access by third parties,
9.3.
Keep passwords secret and secure the registered account from unauthorized access by third parties,
9.4.
Stepstone immediately if the customer suspects unauthorized access to the registered account and/or if there are indications of such access.
10.Intellectual Property Rights
10.1.
This contract does not transfer any (intellectual) property right, licence or right of use from Stepstone to the Customer. All of Stepstone’s rights (including but not limited to copyright, trademark rights, sui generis database rights, logos, titles as well as any other commercial rights) remain Stepstone’s (intellectual) property without restriction.
10.2.
All material and content published by Stepstone are subject to Stepstone’s intellectual property rights (copyright, trademark rights and sui generis database rights), except for the individual elements of such material and content designed by the Customer or a third party that are already subject to a Customer’s or third party’s intellectual property rights and that have not been modified/revised by Stepstone.
10.3.
By placing the order for publishing job listings on the Internet, the Customer acknowledges that Stepstone is the producer of the database of such job listings and has the sole database right to the Customer’s job listings published in the database by Stepstone.
10.4.
The Customer is responsible for ensuring that the content to be published complies with press law, competition law and other applicable provisions.
10.5.
The Customer grants Stepstone a license to use, reproduce and communicate to third parties the customer data/content/logo/trademark/(trade)name or other signs for purposes of rendering the Service Elements. By placing the order, the Customer warrants that he has purchased or otherwise acquired all necessary user rights, copyrights and ancillary copyrights that are required for Stepstone to render the Service Elements (including but not limited to the publication of Customer’s data and content on the Internet).
11.Warranty
11.1.
Stepstone shall use its best efforts to supply the Service Elements as described in the relevant documentation. If the Service Elements involve the design of software, Stepstone will use its best efforts to design software free of errors. The Customer acknowledges that, according to current technical standards, it is not possible or economically reasonable to design a completely error-free program.
11.2.
The Customer undertakes to provide all information and other documentation required for achieving the objectives set out in the contract. This includes, in particular, the delivery of Advertisement texts and layouts in a digital form. This also includes the Customer’s obligation to immediately inform Stepstone if one of the Service Elements becomes outdated. Furthermore, the Customer is obliged to fulfil the requirement to co-operate as described in the corresponding Additional Terms and Conditions or, when available, as described in the product descriptions for the various Service Elements. If these requirements are not fulfilled in time, Stepstone’s period of performance shall be prolonged accordingly. This does not apply if Stepstone is responsible for the delay in performance.
12.Liability
12.1.
Without prejudice to sections 12.2, 12.3, 12.4 and 12.5, Stepstone’s entire liability under a contract is limited, to the maximum extent permitted by applicable law and to direct losses (excluding all consequential, special, punitive or incidental damages, damages for loss of profits or revenue, loss of privacy, business interruption, or loss of business information) up to the following amounts:
12.1.1.
If the damage is caused by a delay in performance by Stepstone: 0,5% of the price of the Service Element concerned, per full week (7 days) of delay, up to a maximum sum of 5% of the total contract price for the affected Service Element;
12.1.2.
If damages are due for any other reason, they shall not exceed 5% of the total contract price.
12.2.
Stepstone is not liable for:
12.2.1.
The correctness of the data published by Stepstone at the request of the Customer or Applicant. Stepstone shall not be liable for statements given in this data.
12.2.2.
The performance of third parties, which the Customer has contracted in order to fulfil the obligations of these Terms and Conditions.
12.2.3.
For any Force Majeure event such as those set out in section 13.below.
12.2.4.
For a minimum number or minimum quality of applications from Candidates to the Customer’s Job Listings.
12.2.5.
For investments made by the Customer in relation to the contract and in anticipation of a minimum number of applications.
12.3.
If the contractually guaranteed usage of a Service Element is limited by protection rights of third parties, Stepstone may, at its own expense, either change such Service Element to avoid such limitation or obtain the necessary permission to use such Service Element in compliance with third party rights. These measures should not result in the functionality of the Service Element being unreasonably limited for the Customer. If the Customer becomes aware of protection rights of third parties, the Customer is obliged to immediately inform Stepstone hereof in writing.
12.4.
The Customer must make all claims for compensation within one year from the date on which the Customer noticed, or should have noticed, the failure.
12.5.
The limitations on and exclusions of liability for damages under section 9 apply regardless of whether the liability is based on breach of contract, tort (including negligence), strict or product liability, hidden defects, breach of warranty, or any other legal duty, and even if (i) Stepstone is advised of the possibility of such damages or if such possibility was reasonably foreseeable and (ii) the damages result from Stepstone’s serious fault.
13.Force Majeure
In the event of unforeseeable incidents that have a substantial effect on the economics of a contract, or in the event of force majeure (both events referred to as “Force Majeure“), the contract will either be adapted accordingly and in good faith (eg. the periods of performance are prolonged for the duration of the Force Majeure), or terminated by Stepstone with immediate effect.Force Majeure includes but is not limited to: wars, fire, terrorist attacks, server breakdowns that are beyond Stepstone’s control or caused by an insufficient communication infrastructure or the deficient software or hardware of a Customer, cuts in telecommunication networks etc.
14.Confidentiality
14.1.
Stepstone shall treat as confidential all information delivered pursuant to this contract which is marked confidential. This obligation of Stepstone shall also continue after the contract has expired.
14.2.
Upon accepting the offer, both parties agree to mutually comply with all applicable privacy and data protection laws.
14.3.
The Customer is advised in accordance with data protection laws that Stepstone stores his data in a machine-readable form and uses it according to the purposes of this contract.
14.4.
It is the Customer’s responsibility to treat any ID, password or username or other security device provided for the use of the services with due diligence and due care and to take all necessary steps to ensure that they are kept confidential, secure, are used properly and are not disclosed to unauthorized persons. The Customer will be held responsible for any usage of his password or his username by third parties unless the Customer provides evidence that the access to such password or username by such third parties has not been enabled by him and that the cause of any such access attained does not lie within his sphere of influence. The Customer must immediately inform Stepstone if it is likely or has become known that someone not authorised is using his password or username or if they are being or are likely to be used in any unauthorized way. In the event of a breach of any material obligations of the Customer under this contract, in particular including but not limited to the infringement of any obligation described in this section, Stepstone is entitled to immediately interrupt the operation of its services without further notice and without releasing the Customer from any payment obligations.
15.Term
15.1.
This agreement shall be effective from the date on which Stepstone receives a signed version of the contract. The term agreed therein shall begin with the rendering of the first Service Element. If the Customer is responsible for the late rendering of the first Service Element the contract shall, at the latest, begin 14 days after the date Stepstone receives the signed contract. This contract terminates automatically after the agreed period has expired, unless the Additional Terms and Conditions set out below contain different provisions.
15.2.
Service Elements can only be ordered during the agreed contractual period. The Client’s right to order Service Elements that have not been claimed before the termination of the contract shall end with the termination of the contractual period.
16.Miscellaneous
16.1.
The laws of Belgium shall exclusively apply to this contract. The courts of Brussels shall have exclusive jurisdiction for disputes arising out of this contract.
16.2.
Place of performance for all legal relationships between Stepstone and the Customer shall be Brussels.
16.3.
Where individual performance elements relate to a performance comparison, average values are relevant. The ration is determined by taking the average of a significant number of products without the relevant performance element in relation to those with the relevant performance element.
B.Additional Terms and Conditions Advertisements
These Additional Terms and Conditions for job listings, banners and company presentations (“Advertisements“) apply in addition to our General Terms and Conditions and prevail in case of doubt.
1.Description of Services
1.1.
Stepstone shall publish Advertisements on the Internet on behalf of the Customer in accordance with section 3 of the General Terms and Conditions.
1.2.
The content to be published must comply with following requirements; otherwise they are considered as illegal content with the consequences as per clause 6.4 of Stepstone’s General Terms and Conditions:
1.2.1.
Within a job ad only links to online application forms or the company’s online presence are allowed.
1.2.2.
Links to competitors of Stepstone are not allowed unless the customer itself is competitor of Stepstone and links to its own online presence.
1.2.3.
All content of a job ad must be directly visible to the user. The Customer’s own tracking codes are not permitted unless they do not process personal data. Links to external sites must open in a separate window and must be designed in such way that it is perceivable that they link to external pages.
1.2.4.
Links are permitted only as “no follow” links, i.e. they must be set in such way they are not used by search engines to evaluate the link popularity.
1.2.5.
Visibility products are available for Stepstone customers in addition to the publication of job ads. Stepstone reserve the right not to publish visibility campaigns that would not meet the standards of quality that we set.
1.3.
In addition, Stepstone is entitled, but not obliged, to publish Advertisements in other media, offline or online or by print or to distribute Advertisements to third parties for further publishing. Stepstone co-operates with media partners for this purpose, and hosts the Stepstone Job board or parts thereof at further URLs without requesting prior approval from the Customer. A list of co-operating media partners can be requested from Stepstone. Stepstone will not charge any additional fees for such additional performance.
1.4.
When creating job adverts, the customer is required to observe the quality standards of Stepstone. These include in particular the providing of the job title and the job description as well as the customer’s company logo in accordance with these quality standards and other requirements.
1.5.
Stepstone reserves the right to convert the display layout of job ads in order to improve the listing quality across all devices.
1.6.
Upon customers request Stepstone will publish a button in relation to the job advertisements that is labeled with “Apply Now” or similar. Depending on the customer’s selection, this button can either link to a page designated by the customer or to a standardized application form operated by Stepstone on its platforms, with which the applicants can provide the data requested through the form and have them transmitted by Stepstone to the customer. The customer can receive the application at his choice in the Stepstone Recruiter Space. Stepstone will then submit the application to the specific account of the customer in the applicant management functionality in the Stepstone Recruiter Space.
1.7.
The above description of services is comprehensive.
2.Duration of Publication
2.1.
Unless otherwise agreed, a job listing is displayed for a period of 30 days, a banner for a period of 7 days.
2.2.
Users with a Personal Stepstone Account can store job listings in their Personal Stepstone Account for up to six months. The stored job listings will be accessible beyond the actual contract period in accordance with number 2.1 for these users.3. Anonymous Advertisements
3. Anonymous Advertisements
Stepstone offers to publish anonymous Advertisements. Incoming electronic applications will be forwarded without adaptation or viewing the content to an e-mail address of the Customer. Stepstone is not responsible for the content of such forwarded applications. Only electronic applications will be considered for forwarding, offline applications will not be forwarded. Also, applications with a clear lock flag will not be forwarded. Stepstone is not liable for the content of the applications. Stepstone reserves the right to delete applications with obvious Illegal Content (as described in section 6.4 of the General Terms and Conditions).The Customer is obliged to treat anonymous Advertisements in accordance with local laws and data protection regulations. The Customer indemnifies Stepstone on first demand against all claims of third parties arising from the Customer’s failure to comply with legal or data protection provisions.
4. Other
4.1.
The Customer is advised and agrees that Stepstone cannot prevent the unapproved publication of job listings by third parties. Stepstone shall however, subject to technical and legal limitations, use its best efforts to prevent such unapproved publication.
4.2.
The Customer shall hereby assign to Stepstone any rights in the ownership of a database that may exist with respect to any multiple Advertisements delivered to Stepstone for publication. In particular, the Customer acknowledges that Stepstone is the producer of the database of such job listings and has the sole database right to the Customer’s job listings published in the database by Stepstone.
4.3.
An offer from Stepstone for a price lower than the price mentioned in the price list is only valid in relation to the specific Customer and under the specific conditions such an offer was made by Stepstone. It is not valid for a Customer who wants a third party, for example, an agency to act on his behalf.
4.4.
The transfer of an Advertisement Agreement (“Reselling“) to a third party requires Stepstone’s prior consent.
4.5.
Stepstone continually endeavours to optimize the search result at www.Stepstone.be, having the goal to achieve optimal results for customers. As far as the categorization of advertisements is done by the customer, the customer is obliged to do these in a correct and reasonable way. Stepstone reserves the right to amend the categorization in its discretion. The customer cannot claim publication of his advertisements in specific categories selected by him.
4.6.
Stepstone uses a specific layout for the cross-device optimised display of job ads. Therefore, Stepstone converts job ads from any layout automatically in an optimised structure of content for cross-device readability without charging additional fees.
C.Additional Terms and Conditions CV Database
1.Description of Services
1.1.
These Additional Terms and Conditions CV Database apply in addition to our General Terms and Conditions and prevail in case of doubt. Stepstone operates databases on the internet which contain CVs of jobseekers (“Candidate”). Candidates can enter their CVs into the databases. By activating the CV the Candidate publishes the CV either in anonymised form, i.e. without making personal data publicly accessible (“anonymised CV”), or in such a way that that his personal data are directly accessible in the database (“public CV”). The Customer, that orders an access to the CV database, may directly view public CVs and contact the candidates behind the CV and in case of anonymous CVs may, via the Stepstone electronical system, send a contact request to the candidate behind the CV.
1.2.
Furthermore, as an additional cost-free service, the customer can save comments about candidates whose profiles he can view anonymously or publicly. These comments are saved and processed by Stepstone on behalf of the customer in the sense of Art. 28 GDPR; the Additional terms and conditions Stepstone Data Processor Agreement apply here. For the sake of clarity, it is specified that the other services provided by the DirectSearch Database are not processed as data processor on behalf of the customer. Stepstone merely provides the content stored by the candidate at Stepstone’s platforms and remains responsible for data protection as controller. As far as the customer uses this data, he may become a separate and independent controller.
1.3.
Stepstone only grants access to the CV Database to Customers for their own personal needs. No Customer may forward access to the CV Database or anonymous CVs to third parties. It is not allowed to access the CV database for enticement of customers. No Customer may place deep links from his own web site to the CV Database (“Deep Links”). Stepstone reserves the right to take immediate legal action against any infringement of this clause without giving any prior warning notice.
1.4.
The Customer may make use of certain functionalities in the “CV-Center”. The service does not include any data backup for the Customer. Data may be removed or deleted from the back-office at any time without giving prior warning. Data will automatically be removed from the CV-Center for data protection reasons as soon as a Candidate deletes his CV from the CV Database. The CV database must not be used for any purposes violating antidiscrimination law.
1.5.
If the Customer saves the personal data of Candidates on his own systems he is obliged to comply with further monitoring duties. Should a Candidate delete his CV from the Stepstone Database and the CV Center, the Customer is obliged to immediately delete such data from his own systems. He is then also obliged to destroy any related hard copies.
1.6.
The Customer is entitled to contact up to 500 CVs from the CV Database per month through the CV Database.
1.7.
In case on anonymised CVs Candidates may block certain companies from accessing their CV. In such cases the respective Customer can not send a contact request to the Candidate.
2.Obligations of the Customer
2.1.
The Customer warrants that he will comply with all legal provisions, third party rights and good morals. Section 6(4) of the General Terms and Conditions shall prevail.
2.2.
In particular, the Customer warrants not to forward or otherwise communicate the personal data of Candidates, to respect their confidentiality and to comply with all applicable data protection and privacy rules. The Customer is advised that, if a Candidate should approach Stepstone requesting the deletion of any data relating to the Candidate, and Stepstone thereafter gives notice to the Customer of this request, the Customer is obliged to delete any hard copy or electronic files or data relating to a certain Candidate Profile immediately.
Stepstone assumes that storage is required for a maximum period of 12 months, also taking into account possible defenses against antidiscrimination claims, so that the customer undertakes to retain any data stored by him and received by Stepstone no later than 12 months after accessing the Delete data. Stepstone reserves the right to block the customer’s access in the event of an infringement.
2.3.
The Customer undertakes to indemnify Stepstone against all losses, costs, claims, damages or other expenses that are caused by the Customer, unless Stepstone is responsible.
2.4.
Candidates are responsible for completing their Candidate Profiles. Therefore, Stepstone does not warrant their completeness, correctness, accuracy or accessibility. Stepstone does not warrant any degree of response.
2.5.
The data of jobseekers registering on the Stepstone sites (“Candidates”) is strictly confidential and may only be stored, or used according to applicable data protection laws. The Customer is only entitled to contact Candidates for filling certain vacancies. Stepstone is entitled to block the account of the Customer and withhold access to Candidate data in cases of infringements by the Customer.
2.6.
The Customer is advised that special terms apply to data transfers outside the European Union. Generally, such data transfers require the consent of the Candidate – even if the transfer occurs within a corporate group.
3.Price models
Depending on the specific price model agreed upon the Customer can access a predefined number of CVs in the CV Database for one month or pays per accessed CV or per number of searches he ran and may contact up to 500 CV profiles individually in order to fill a specific open position, in case of public CVs directly and in case of anonymous CVs after prior contact request. The number of contacts is limited to 500. Mass emails and spam mails are not permitted.
D.Additional Terms and Conditions Job Feed
These Additional Terms and Conditions Job Feed apply in addition to the General Terms and Conditions and prevail in case of doubt.
1.Description of Services
1.1.
By ordering the Job Feed Services, Stepstone is obliged to automatically mirror the job listings on the Customer’s web site on the Stepstone web site during the contractual period. The mirroring process is fully automated. Every Advertisement of the Customer will be published in an identical form. Additional manual changes are not provided. This description of services shall be deemed as an agreement of functionality and is comprehensive. No other functionalities are granted.
1.2.
Job Feed is a complex software solution. A good co-operation between the parties ensures its successful implementation and the expected functionality. The current Job Feed product description and the Job Feed technical documentation contain obligations of the Customer and conditions precedent for a successful usage of the program. The Customer is obliged to read this documentation before the Job Feed Services start. The Customer is advised that its content will be considered as known.
2.Term
2.1.
The term shall be agreed individually. Contrary to the General Terms and Conditions, Stepstone shall delete published job listings after these are deleted from the Customer’s database, and Stepstone shall publish job listings after they were entered into the Customer’s database.
2.2.
The Job Feed data mirroring will take place at least once per week.
3.Booking and Acceptance
3.1.
Any Job Feed listing published on the Stepstone site in the described form and any additional job listing published after or during the initial publishing period of four weeks shall be considered as booked by the Customer. A job listing shall be considered as accepted if it has been published for seven days on the Stepstone site without the Customer rejecting its publication.
3.2.
Stepstone shall count the job listings that were booked and accepted during the contract period and shall provide the Customer with a performance confirmation if requested.
E. Additional Terms and Conditions Company Pop-Up
These Additional Terms and Conditions Company Pop-Up apply in addition to our General Terms and Conditions and prevail in case of doubt.
1.Description of Services
1.1.
Stepstone shall publish a presentation of the Customer’s company as a pop-up on the Internet (“Company Pop-Up“) on behalf of the Customer.
1.2.
The Company Pop-Up shall be published during the second and third times a user uses the site per week. It contains a link to the Client’s Advertisements published by Stepstone. The size must not exceed 200 x 263 pixels.
1.3.
This description of services is considered to be an agreement of functionality and is comprehensive. Further functionalities are not granted.
2.Term
Company Pop-Ups will be published for a period of 7 days unless other periods have been agreed by the Parties.
3.Non Binding Offer
3.1.
Only one Company Pop-Up will be published on the Stepstone site per week. The Customer is not entitled to claim a specific publishing date. Of course, Stepstone will try to consider the Customer’s requirements as Farm as possible. The Customer shall usually receive a notice of the publishing date within 3 days, but at the latest one week after receipt of the order.
3.2.
Stepstone is entitled to change the position of the Company Pop-Up on the site or the design of the frame. Stepstone is also entitled to adjust the Company Pop-Up to comply with local legal provisions.
F.Additional Terms and Conditions Stepstone Boost
These Additional Terms and Conditions Stepstone Boost apply in addition to our General Terms and Conditions and prevail in case of doubt.
1.Description of Service
1.1.
Stepstone shall, on behalf of the Customer, publish a standard graphical banner (“Boost”) on the Internet, which is linked to the Customer’s job listing published on the Stepstone Site. This is to increase traffic.
1.2.
Boost can only be linked to one job listing. As soon as the job listing is offline, Boost is terminated.
1.3.
The position of the Boost banner shall be decided by Stepstone. Therefore the Customer has no right to have the banner positioned in a specified place.
1.4.
The ad-server of the online provider shall be authoritative for the purposes of calculating click-rates.
1.5.
No Agency Commission is granted for Stepstone Boost.
1.6.
The standard graphical banner must not exceed 468 x 60 / 12 KB in size. The Stepstone logo will be implemented on the right side of the banner.
2.Term
Boost shall be published for a maximum of 30 days. Boost will be switched offline after 500 clicks even if the maximum of 30 days has not been achieved.
G.Additional Terms and Conditions Video Ads
1.Description of Service
1.1.
On behalf of the Customer Stepstone publishes short videos that have been produced with the Customer’s involvement containing information about Customer and open positions on the internet (“Video Ads”). These Additional Terms and Conditions Video Ads apply in addition to our General Terms and Conditions and prevail in case of doubt
1.2.
This description of services is comprehensive.
2.Rights of use
2.1.
For such Video Ads that have been produced by Stepstone, Customer agrees that Stepstone owns the rights of use unrestricted by time or place in the Video Ads for all exploitation methods including but not limited to the right of reproduction, distribution, broadcasting and the making available right. Stepstone may grant licenses.
2.2.
After Stepstone’s prior approval, Customer may use the Video Ads for its own purposes on its website or on websites of cooperation partners. Stepstone will not unreasonably withhold approval. Stepstone may make the approval subject to additional payment, unless the Video Ad was produced by Customer. The Customer must not publish the Video Ad on other job boards.
2.3.
If Customer has produced the Video Ad he shall not be entitled to publish the Video Ad without Stepstone’s prior approval, unless otherwise is agreed. Stepstone may also use the Video Ad on websites of its cooperation partners worldwide.
H.Additional Terms and Conditions Stepstone Recruiter Space
These Additional Terms Stepstone Recruiter Space apply in addition to our General Terms and Conditions and prevail in case of doubt.
1.Description of Services
1.1.
The term set out in section 12.1 of the General Terms and Conditions applies. Stepstone grants the Customer the non-exclusive, non-transferable right to use the Stepstone Recruiter Space during the contractual period. Stepstone shall provide the Customer with the job listing tool Stepstone Recruiter Space for 20 hours a day at http://www.Stepstone.fr/corporate/index.cfm. The Recruiter Space enables the Customer to edit and publish Advertisements on his own. This description of services is considered to be an agreement of functionality and is comprehensive. No other functionalities are granted.
1.2.
Stepstone provides the Customer with a user ID and a password for accessing the server. The Customer may change his password at any time. Within the scope of his general responsibilities, the Customer must ensure that his user ID and password can only be used by persons who are authorised to access the Stepstone Recruiter Space. The Customer is also obliged to consider any additional security criteria he has been informed about. If an agency acts on behalf of a Customer, the same provisions apply. Stepstone will grant agencies access rights to the listings of their Customers so that they have the possibility of administering listings and of placing new listings on behalf of their Customers. For this purpose, the agencies will be provided with access to statistics, current contractual data and old listings placed on behalf of the Customer. To do so, the agency must obtain the prior approval of its Customer and produce this to Stepstone, if required by the latter. The agency shall be liable if a Customer makes a claim against Stepstone because of a potentially unauthorised dissemination of access rights and information.
1.3.
If an application was submitted to the customer in accordance with para. 1.6 of the Additional terms and conditions Advertisement into the specific account of the customer in the applicant management functionality in the Stepstone Recruiter Space, the customer can view this application there and also take notes on the respective candidate and, depending on the functionality, set a status of the application and communicate with the applicant.
1.4.
In connection with the application, the client can also access the applicant’s MyStepstone profile via the applicant administration. However, this accessibility to the MyStepstone profile exists only as long as it is active, i.e. if the applicant changes his settings or deletes his profile, access to the profile is no longer possible. The application data submitted by the applicant remain unaffected.
2.Data Protection
Within the scope of the services under para. 1.3, Stepstone processes personal data on behalf of the customer as a processor in the sense of Art. 28 GDPR; the Additional Terms and Conditions Stepstone Data Processor Agreement apply in this context. The services under para. 1.4 are not carried out as data processor, Stepstone provides the content stored by the applicant at the Stepstone platform and remains controller under data protection law; As far as the customer uses this data, he may become a separate and independent controller.
I.Additional Terms and Conditions Online Ordering
These Additional Terms and Conditions Online Ordering apply in addition to our General Terms and Conditions and our Additional Terms and Conditions Advertisements, and prevail both in case of doubt.
1.Description of Services
1.1.
Stepstone publishes Advertisements on the internet on behalf of the Customer in accordance with section 2.1 of the Additional Terms and Conditions Advertisements.
1.2.
This description of services is comprehensive.
2.Written Form
Contrary to Stepstone’s General Terms and Conditions the mandatory written form shall not apply. Declarations of intent can be executed by both parties without any formal requirement and they shall be valid.
3.Terms of Payment
3.1.
No agency commission is granted for Online Ordering.
3.2.
Generally, the Customer can choose to pay by direct debit or within 10 days of receipt of an invoice. In all other cases the provisions of sections 4 and 5 of the General Terms and Conditions shall apply.
4.Customer Information Obligations
Pursuant to Belgian law Stepstone confirms the following information:
4.1.
The Online Ordering service is supplied by, Stepstone NV/SA, Wolstraat 70 Rue aux Laines, B-1000 Brussels, tel +32 2 209 98 00, fax +32 2 218 79 45, e-mail: cs@Stepstone.be, registered company number 0459.971.228, VAT no. BE 459.971.228. The supervisory authorities responsible for regulating for Stepstone’s activities can be contacted as follows:
4.1.1.
For Flanders: Ministerie van de Vlaamse Gemeenschap, Administratie werkgelegenheid, Markiesstraat 1, 1000 Brussel, tel +32 2 553 44 12 +32 2 553 44 12, fax +32 2 553 44 01, Internet http://www.werk.be/wg/arbeidsbemiddeling/documenten/lijst_bemiddeling_algemeen.pdf?SMSESSION=NO
4.1.2.
For Wallonia: Ministere de la Région Wallonne, Direction générale de l’économie et de l’emploi, Place de la Wallonie, 1, 5100 Namur, tel + 32 81 33 43 43+ 32 81 33 43 43, fax +32 81 33 38 88, Internet http://emploi.wallonie.be/THEMES/Placement/Agr_placement.htm#10
4.1.3.
Brussels Dutch: Brussels Hoofdstedelijk Gewest, Bestuur Economie en Werkgelegenheid, dienst Werkbeleid, Kruidtuinlaan 20 (derde verdieping), 1035 Brussel, tel: +32 2 204.21.11+32 2 204.21.11, fax + 32 2 800 38 07, Internet http://portail.irisnet.be/cmsmedia/nl/lijst_van_de_partners_van_actiris.xls?uri=43742a96031fc020010321e1dc6500be
4.1.4.
Brussels French: La Région de Bruxelles-Capitale, l’Administration de l’économie et de l’emploi, Direction de la politique et de l’emploi, Boulevard du Jardin Botanique 20, 1035 Bruxelles, tel + 32 2 204 21 11+ 32 2 204 21 11, fax + 32 2 800 38 07, Internet http://portail.irisnet.be/cmsmedia/fr/liste_des_agences_d_emploi_privees.pdf?uri=ff80818119970beb0119999b9e920050
4.2.
The contract with the Customer shall be concluded once the following technical steps have been completed:
4.2.1.
The order form including the advertisement template is completed
4.2.2.
Advertisement preview is displayed on every page until the placing of the order
4.2.3.
The Customer reads and accepts the Terms and Conditions
4.2.4.
The Customer clicks on “placing order”
4.2.5.
The Customer is sent an electronic acknowledgement of receipt of the order (this is not the order confirmation, but the confirmation that the order was received)
4.2.6.
Order confirmation from Stepstone
4.3.
The contract is concluded when the Customer receives Stepstone’s order confirmation. Thereafter the Advertisement will be published online.
4.4.
These Terms and Conditions (General Terms and Conditions, Additional Terms and Conditions Advertisements and Additional Terms and Conditions Online Ordering) together contain the entire terms of the contract for the online ordering of an Advertisement. The price for Online Ordering is defined and published at www.Stepstone.be when the Customer receives Stepstone’s offer to enter into a contract. The legal relationship resulting from the (free of charge) visit to the Stepstone web site is explained and defined in detail in our Terms of Use.
K.Additional Terms and Conditions Stepstone Data Processor Agreement
1.Stepstone acting as Processor
1.1.Stepstone processes personal data on behalf of the Customer to the extent that the comment function of the Stepstone Direct Search Database is used by the customer. With the help of the Direct Search Database, it is possible for the Customer to view profiles of Candidates and, in particular, to save comments on the respective profiles. Stepstone only processes personal data on behalf of the Customer in the event that the comment function is used (storage of the respective comments on a Candidate’s profile). In addition, it is stated that the further services within the scope of the DirectSearch Database are not carried out as data processing under this DPA; in this case, Stepstone merely provides the content stored by Candidates at Stepstone and remains the person responsible under data protection law. Insofar as the Customer uses this data, it shall become a further data controller, if applicable.
In the Stepstone Customer Center, the customer can create a customer account that can also be accessed by several of the customer’s users. In the Stepstone Customer Center, the customer can create job advertisements and publish them on the Stepstone platform. When candidates apply for these positions via the Stepstone platform, these applications are sent to the Stepstone Customer Center to be managed by the client. As part of this application management, the customer can create notes about the applicants in the customer account, make the applications accessible to members of the customer’s organization, send messages, arrange job interviews, as well as reject and accept candidates..
1.2.
Stepstone processes the personal data solely within the framework of the contract and in accordance with the documented instructions of the customer unless there is an exceptional case within the meaning of Article 28 (3) (a) GDPR.
1.3.
The processing takes place exclusively in member states of the European union or in another contracting state of the agreement over the European economic area, as far as no other instruction was given and a transmission in accordance with the regulations of Artt. 44 to 49 GDPR is allowed.
1.4.
The duration of the processing corresponds with the duration of the use of the Stepstone Customer Center, whereby, at the end of the term of contract about the publication of job adverts or the Direct Search Database, the respective access is disabled, upon conclusion of a new contract, the access is reactivated, unless the contract for the use of the Recruiter Space was terminated in the meantime.
1.5.
Data subjects in the context of the applicant management functionality are persons who have applied for a job vacancy with the Customer through the Stepstone application form. Data subjects in the context of the Direct Search Database are natural persons who have a profile with Stepstone.
1.6.
The type of personal data used in the context of the processing for the applicant management functionality consists of CV data, such as contact details, educational records, work experience and knowledge and interests, and any other data submitted by the candidate, and data entered by the customer such as comments created by the customer or an application status created by the customer.
In the context of Direct Search, the types of personal data are the comments made by the customer about the persons concerned in connection with the filling of vacancies.
1.7.
The subject matter and purpose of the processing is, in the context of applicant management functionality, that the application data submitted by applicants can be made available and viewed in the Stepstone Recruiter Space to the customer after his login in the Recruiter Space. If the customer creates a comment or status of the application (depending on the function) in order to manage it, it will also be saved there. If a status of the application can be created, the customer instructs Stepstone when entering a status to inform the applicant immediately about this status.
Subject matter and purpose of the processing in the context of the Direct Search is, that the customer can save comments about candidates whose profiles the customer can access through the Direct Search.
2.Obligations of the customer as client
2.1.
In accordance with Art. 4 No. 7 GDPR, the customer is controller of the data processed by Stepstone in accordance with the contract.
2.2.
The customer informs Stepstone immediately and completely if it finds errors or irregularities regarding data protection regulations when checking the outcome of the processing.
2.3.
The customer keeps a register for processing activities in accordance with Art. 30 para. 1 GDPR.
3.Obligations of Stepstone as contractor
3.1.
Stepstone informs the customer immediately if Stepstone believes that an instruction violates applicable laws. Stepstone may suspend the implementation of the instruction until it has been confirmed or modified by the customer.
3.2.
Stepstone complies with the terms of this agreement and relevant data protection laws, including the GDPR.
3.3.
Stepstone shall take appropriate organizational and technical measures in accordance with the relevant data protection laws, including the GDPR and in particular it’s Art. 32, to protect the personal data of the data subjects and their rights and freedoms, taking into account implementation costs, the state of the art, nature, extent and purpose of the processing and the likelihood and severity of the risk. These measures are recorded in the overview of technical and organizational measures, which is included below as Appendix 2. The technical and organizational measures are subject to technical progress and further development. To that extent, Stepstone is obliged to take account of developments in the latest technological standards when reviewing the effectiveness and making corresponding modifications. Alternative security measures are permitted if they at least comply with the security level of the specified measures. Any material modifications must be documented.
Substantial modifications after conclusion of the agreement shall be communicated to the customer without undue delay. If the measures are modified to such an extent that the customer does not consider that Stepstone can guarantee equivalent or higher protection of the data, the customer has the right of termination without notice following the issue of instructions to no avail. The same applies in the event of a failure to give notice of such modifications.
3.4.
Stepstone shall provide the customer with the information required for the records of processing activities under Art. 30 para. 1 GDPR and, to the extent required by law in accordance with Art. 30 para. 2 to 5 GDPR, shall maintain its own record for all categories of processing performed on behalf of the customer.
3.5.
All persons who are able to access personal data processed for the customer in accordance with the agreement must be subjected to a duty of confidentiality in accordance with Art. 28 para. 3 b) GDPR and notified of the particular data protection duties arising under this agreement as well as the existing obligation to adhere to instructions and the purpose limitation.
3.6.
Stepstone has appointed a data protection officer. Its current contact details are easily accessible on the homepage of Stepstone.
3.7.
Stepstone guarantees the protection of the rights of data subjects and shall support the customer in responding to applications for the safeguarding of the rights of data subjects in accordance with Art. 12-23 GDPR.
Stepstone informs the customer immediately if data subject directly addresses Stepstone for the purpose of accessing, rectification, erasure or to restriction of processing his personal data.
Stepstone supports the customer in carrying out data protection impact assessments pursuant to Art. 35 GDPR and the resulting consultation of the supervisory authority in accordance with Art. 36 GDPR to the extent necessary. Stepstone supports the customer with regard to ensuring the reporting and notification obligations in the event of data breaches as defined in Articles 33 and 34 GDPR.
3.8.
Stepstone shall notify the customer without undue delay in text form in the event of any disruptions to the operational processes, the suspicion of data protection breaches under Art. 4 no. 12 GDPR in connection with the data processing or any other irregularities in processing the customer’s data.
3.9.
In the case of investigations by the data protection authority at Stepstone, the customer is to be informed immediately as far as these investigations concern the subject matter of the contract.
3.10.
In the event that Stepstone intends to process data from the customer, including transmission to a third country or to an international organization, without having been instructed by the customer, i.e. because Stepstone is obliged to do so in accordance with Article 28 (3) sentence 1 a GDPR, Stepstone will inform the customer without delay about the purpose, legal grounds and data concerned, unless prohibited by law.
3.11.
As far as a transfer of controller’s personal data outside of the European Union is planned or is already being carried out by Stepstone and no adequacy decision of the European Union according to Art. 45 GDPR is available, Stepstone has or will conclude the EU Model Clauses. It is hereby agreed that the data controller as an independent holder of rights and obligations will enter these EU Model Clauses. The data controller is still free to conclude the EU Model Clauses directly with the data importer.
4.Audits including inspections
4.1.
Stepstone shall provide the customer with all information required to evidence the obligations set down in this agreement and , subject to adequate prior notice and during standard business hours (9:00 a.m. – 6.00 p.m.), shall enable the customer prior to and during the term of this agreement to perform checks, including inspections, in accordance with Art. 28 para. 3 h) GDPR. Before and during the data processing, the customer is entitled to satisfy itself that the technical and organisational measures are being complied with, or it may retain suitable third parties with an obligation of professional confidentiality to do so, at Stepstone’s business premises during regular business hours subject to timely notification without disrupting business operations. The outcome of these checks will be documented and signed by both parties.
4.2.
The technical and organisational measures may also be evidenced by presenting current certificates, reports or extracts of reports by independent bodies (e.g. external auditors internal auditors, Data Protection Officer, IT security team, data protection auditors, quality auditors) or a suitable certification by IT security or data protection audit (e.g. based on BSI principles) for this purpose.
5.Other processors
5.1.
With conclusion of the contract, the subcontractors listed in Appendix 1 below are approved. Stepstone may assign agreements to sub-processors if it notifies the customer on this website in advance of the involvement or replacement of new sub-processors and the customer raises no objection within 4 (four) weeks. If customer objects, then Stepstone may cease to provide the services of the customer that are subject to this Data Processing Agreement.
5.2.
Where a Stepstone engages another processor for carrying out specific processing activities on behalf of the controller, the same data protection obligations as set out in the contract or other legal act between the controller and the processor shall be imposed on that other processor.
5.3.
Services that are procured from third parties as an ancillary service to support the performance of the agreement shall not be deemed subcontracted. These include e. g. telecommunication services, maintenance and user service, cleaners, auditors or the disposal of data media. However, in agreement to guarantee the protection and the security of the customer’s data, Stepstone is also obliged to enter into adequate and legally compliant agreement and to perform checking measures for ancillary services that are procured from third parties.
6.Erasure and return
Upon request from the customer, Stepstone will delete data processed on behalf of the customer. Stepstone will delete all data processed on behalf of the customer when the contract for the use of the Recruiter Space terminates. In the application management functionality, Stepstone will delete the data at the latest one year after receipt of the application in the applicant management functionality.
L.Appendix 1 – List of sub-processors to the Terms and Conditions Stepstone Data Processor Agreement
The customer consents to the use ot the following sub-processors:
Company | Address | Services |
The Stepstone Group GmbH | Axel-Springer-Str. 65, 10969 Berlin Germany |
– hosting and associated security services – back up services – Customer service support for trouble-shooting |
The Stepstone Group EMEA GmbH | Völklinger Straße 1, 40219 Düsseldorf Germany |
– hosting and associated security services – back up services – Customer service support for trouble-shooting |
The Stepstone Group Belgium NV | Tweed building Reception – 5th floor Wolstraat 70 Rue aux Laines 1000 Brussels Belgium |
– hosting and associated security services – back up services – Customer service support for trouble-shooting |
Stepstone Services sp. z o.o. | ul. Domaniewska 50, 02-672 Warschau, Poland |
Customer service support for trouble-shooting |
M.Appendix 2 – Overview of technical and organizational measures to Terms and Conditions Stepstone Data Processor Agreement
1. Confidentiality (Article 32 Paragraph 1 Point b GDPR) | |
|
The data centers have a multi-layered security structure. The perimeter of data centers is protected by high security fencing and walls. The entrances are staffed with security guards, 24×7 hours. Surveillance cameras are used to monitor the locations. Access to the computer room is protected by a magnetic card system. The equipment is stored in locked cabinets. The outer boundary of the data centers is secured by high-security fences and walls. The entrances are guarded around the clock, video camera systems are used for full surveillance. Access to the computer rooms is protected by a card-based access control system. Extensive safety precautions also exist at the relevant locations Stepstone. Card-based access control systems are used and visitors will have to be granted access. |
|
The Customer can only access the data processed on its behalf after logging in to the customer space with the password that was defined by the user. Stepstone stores the user authentication details in encrypted form, only. By default, the user-system data flow is end-to-end encrypted using the Transport Layer Security (TLS) protocol.Stepstone has an internal password policy for it’s employees which requires i.a. passwords to be at least 8 characters long, not to be the same or similar to the user name, to contain at least 3 of the following 4: i) Upper case letters e.g. A,B,C, ii) Lower case letters e.g. a,b,c , iii) Numbers e.g. 1,2,3 iv) Symbols e.g. @,#,+, to be regularly changed. |
|
The Customer’s access rights are strictly limited to access only such personal data that is actually processed on its behalf. Only selected Stepstone personnel can access the personal data processed on behalf of the Customer on a need to know basis within pre-defined rights and only for the purposes of system administration and customer service purposes on request of the customer. The system logs all events about the data processed on behalf of the customer. |
|
The Stepstone Recruiter Space is multi-client capable so that each individual logged in customer can only see data associated with the customer’s account |
|
Does not apply, because the customer needs to see the full details of an applicant. |
2. Integrity (Article 32 Paragraph 1 Point b GDPR) | |
|
All data sent over public networks is end-to-end encrypted using the Transport Layer Security (TLS) protocol.
|
|
The Stepstone systems log the activities of any login and logout as well as the editing, adding, altering, and deleting by recording user, actions and time (through a timestamp). |
3. Availability and Resilience (Article 32 Paragraph 1 Point b GDPR) | |
|
Antivirus as well as Firewall and other security solutions in place to guarantee safety. The hosting environment is equipped with fire detection system, water leak detection system in rooms below the raised floor. Temperature and humidity are constantly monitored to ensure that the pre-defined specifications are continuously met. Hosting infrastructure is equipped with continuous supply with life span from at least 72 hours. |
|
Rapid recovery is ensured by · Back-up procedure; · Encryption; · Uninterrupted power supply (USV); · Separate storage; · Virus protection, Firewall; · Emergency plan, disaster recovery; · Organisational / Employee Training; |
4. Procedures for regular testing, assessment and evaluation (Article 32 Paragraph 1 Point d GDPR; Article 25 Paragraph 1 GDPR) | We have regular audits of our Information Security standards and processes with external providers. Network penetration scans are performed regularly. We track and review logs at two levels before any requests reach our application servers. These are at a firewall level and at a WAF (Web Application Firewall) level. This allows us to track all unordinary presentation layer requests to database being analysed and actively blocked, preventing SQL injection attempts. The application itself tracks any failed login attempts if the request has gone through the Firewall and WAF. Data protection measures are continuously reviewed in a PDCA cycle. |
Brussels, 08.2024